MBAN-SEM-IV 1. What are the major advantages of B2B e-commerce?

MI0030- SETII

Ans. Advantages of B2B 1. Direct interaction with customers. This is the greatest advantage of ebusiness. The unknown and faceless customer including other businesses, buying the products of a large MNC like say HLL or Procter & Gamble through distributors, channels, shops and the like, now has a name, face, and a profile. Large MNCs pay a fortune for this information on customer buying patterns. 2. Focused sales promotion. This information gives authentic data about the likes, dislikes and preferences of clients and thus helps the company bring out focussed sales promotion drives which are aimed at the right audience. 3. Building customer loyalty. It has been observed that online customers can be more loyal than other customers if they are made to feel special and their distinct identity is recognized and their concerns about privacy are respected. It has also been found that once the customers develop a binding relationship with a site and its product, they do not like to shift loyalties to another site or product. 4. Scalability. This means that the Web is open and offers round-the-clock access. 5. This provides an access never known before, to the customer. This access is across locations and time zones. Thus a company is able to handle many more customers on a much wider geographical spread if it uses an e-business model. The company can set up a generic parent site for all locations and make regional domains to suit such requirements. Microsoft is using this model very successfully. The additional cost of serving a larger segment of customers comes down drastically once a critical mass is reached. 6. Savings in distribution costs. A company can make huge savings in distribution, logistical and after-sales support costs by using e-business models. Typical examples are of computer companies, airlines, and telecom companies. This is because the e-business models involve the customer in the business interaction to such a level that companies are able to avoid setting up the huge backbone of sales and support force, which ordinarily would have to be set up. 2. Explain the nine different types of e-business models Ans. The business model is essentially ruled by the following two parameters: 1. On the basis of value addition: Value addition is the addition of value to a product or service because of the opportunities that it offers on the web. 2. On the basis of control: At the high end of control there is hierarchical control and at the low end there is no control, so that it is self-organizing. Normally, the control is done through the policies of the website. Based on these, nine types of transactions can be identified as listed below: • Brokerage • Aggregator • Info-mediary • Community • Value Chain • Subscription ROLL-NO-510286414 NAME:-AHUJA PRAKASH DHANRAJ CENTRE-01976

MBAN-SEM-IV • • • Manufacturer Advertising Affiliate

MI0030- SETII

3. Explain the risks to customer in internet associated risks

Ans. Risks to Customers The Internet has not been viewed by most users as a safe place to use credit cards to conduct business transactions. This feeling of insecurity is primarily due to the large amount of press reports citing story after story about thefts of credit card information by Internet hackers. False or Malicious Web Sites Malicious web sites are typically set up for the purpose of stealing visitors' IDs and passwords, stealing credit card information, spying on a visitor's hard drive, and uploading files from the visitor's hard drive. The bugs discussed in the following section are either remedied by the most current version of the browser software, or they can be remedied by recent "patch" files that can be found on the vendors' web sites. Unfortunately, new variations continue to pop up as soon as "cures" for the old variations are available. Web site assurance should be helpful for assessing the trustworthiness of a web site. Stealing visitors' IDs and passwords This can be accomplished by individuals who set up a malicious web site that asks the user to "register" with the web site and to give a password. The password is given voluntarily and can only be harmfully used if the visitor uses the same password for many different applications, such as ATM cards, work-related passwords and home security alarm passwords. The rule to live by here is to always use a different password for various Internet related purposes. Stealing visitors' credit card information This can also be obtained by "false" web sites being set up and temporarily staged as legitimate businesses, such as a site selling Gift Baskets to be delivered anywhere in the country on festivals (Holi, Deepavali, Christmas etc). The site could be set up any time prior to Christmas eve, collect credit card information, and then shut down on Christmas Eve. No one would know to complain until after Christmas Eve, and by that time the site has most assuredly already shut down. This type of scam is not unique to the Internet, however, it is easier to attract a large customer base and then E-Commerce and Web "disappear" from the Internet without having to physically pick up and move from one's domicile. A more troubling manner in which credit cards, IDs, passwords, and other information, including bank account access codes, may be intercepted by a malicious web site is accomplished through the use of bugs which allow all visitors' sessions to be monitored and such information recorded. These types of acts are sometimes referred to as man in the middle attacks. Such bugs as "the Bell Labs Bug," the Singapore Bug," and the "Santa Barbara Bug" involve some variation of a procedure which allows JavaScript pages of a malicious web site, which must first be visited, to view and capture any information transmitted to subsequent web sites visited. The basic manner in which this is conducted is by attaching a virtually invisible window, perhaps 1 by 1 pixel, that remains ROLL-NO-510286414 NAME:-AHUJA PRAKASH DHANRAJ CENTRE-01976

MBAN-SEM-IV

MI0030- SETII

open as'other sites are visited. The most troubling aspect of this type of bug is that information can be stolen even if the site is "secured" with Secure Sockets Layer (SSL). Spying on a visitor's hard drive and uploading files from the visitor's hard drive This has been accomplished via bugs such as the "Freiburg Bug" which exploit file upload holes in web browser software. These types of bugs also use a virtually invisible frame generated 'by the malicious web site. As the visitor browses the web site, a JavaScript program proceeds to examine the visitor's hard drive, and through file-sharing techniques, any files with known names can then be uploaded to any site desired on the Internet. The file name must be known in advance. Unfortunately for security reasons, many common files reside on most computers, such as "cookies.txt" that may have voluntarily supplied, unencrypted password information stored in it, although the storing of unencrypted password data is rare. The only types of files that may be uploaded are text, image or HTML files. The files may be scanned and uploaded, but they may not be altered while they are on the visitor's hard drive. Theft of customer data from selling agents and Internet Service Providers (ISP) Customers purchasing goods and services on the Internet, including the use of an ISP to have access to the Internet, typically pay with credit cards. Cyber cash payment methods are another, less popular alternative. This credit card information is stored by the selling agents and ISPs. Unfortunately for the customers, hackers are occasionally successful at breaking into the selling agent's and the ISP's systems and obtaining the customers' credit card data. Little, if anything, can be done by the consumer to, prevent this type of exposure other than not using credit card information at all on the Internet. The risk, however, is comparable if you use your credit card for any other purpose since corporate databases containing non- Internet customer credit card information may also be penetrated and stolen. Privacy and the use of cookies The issue of privacy on the Internet is of concern to many people. Many coalitions have been formed to monitor and disseminate information regarding privacy issues on the Internet and to proactively- lobby for greater privacy measures. A few of these groups are the Center for Democracy and Technology (CDT), Electronic Frontier Foundation (EFF), Electronic Privacy Information Center (EPIC), Privacy International, and Privacy Rights Clearinghouse (PRC). So what information is kept about a visitor? The answer depends on how much information the visitor divulges about him/herself and how he/she configures the web browser preferences. Cookies were designed to allow web servers to operate more efficiently, provide a better response time to repeat visitors to their sites, and more accurately track how many different users (as opposed to repeat visitors) visit a site. The use of cookies, however, has become a very controversial topic by privacy groups preferring to have no information about web browsing activities be kept by the web sites visited. Depending on which web browser is being used, cookies may be placed in a single file or individual files. For many web sites, the only information recorded is a unique identification number so that the site may track the number of first time and repeat visitors. When a user initially visits a web site, the host site may assign a unique identification code to that user and create a cookie that is placed on the visitor's permanent storage device, such as a hard drive. While the cookie file is written to the visitor's hard drive, no files from the hard drive may be read, altered or uploaded from this procedure. In some instances, other information such as user ID and password are ROLL-NO-510286414 NAME:-AHUJA PRAKASH DHANRAJ CENTRE-01976

MBAN-SEM-IV

MI0030- SETII

placed in this file, but only if the individual offers this information by typing it into a form. This information is encrypted by some sites, but not by all. The cookie file is a text file (.txt) that is easily read. Although rare; if an unencrypted password is placed in this file, the danger of the file being read by some other malicious mechanism is a potential exposure. Even if a password is unencrypted in a-cookie file, it is possible that information passed from it to a server is encrypted, such as during an SSL session. On the web site server side, the assigned user identification number is stored. In many cases, that is all that is stored. In other cases, time visited, length of the visit, items clicked on, and user preference data given by the visitor may also be stored by the web site server into a database. Privacy groups are concerned about these types of data repositories being created and sold for marketing or other purposes. The main reason given for the justification for the creation of cookies is one of efficiency. On subsequent visits to this web site, once the cookie is read, the server can obtain any data stored about the visitor without having to ask for it again. For example, cookies can process multiple advertisements sequentially so that one is not repeated until a cycle is complete. Also, the web site server does not have to store any of the visitor preference data on its computer, and thus the potential to push data storage to the visitor exists. How long do cookies last? Just like edible cookies, computer-generated cookies have expiration dates assigned. Most sites either set their expiration dates for a very short (a couple of hours for shopping carts) or a very long (several years) time period depending on the site's objectives. In response to users demands for privacy, recent versions of web browsers have the enhanced capability for users to customize their preferences to either refuse the receipt of a cookie or to require permission before a cookie is accepted. Many web sites will not allow you access, however, if you will not accept their cookie(s)! Further, you may edit your cookie file if you wish to judiciously remove cookies so that you can anonymously revisit web sites.

ROLL-NO-510286414 NAME:-AHUJA PRAKASH DHANRAJ

CENTRE-01976